Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
956 questions
Application gateway WAF can protect all attacks listed>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 52%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Testa
551
Reputation points
Hi all,
May I confirm if WAF in Application gateway can protect from the attacks listed below?
- Buffer overflow
- SSI injection
- Directory Traversal
I cannot find these in the document below.
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp32#crs800-32
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee2022-12-01T18:36:51.913+00:00 @Testa ,
Thank you for reaching out. I have reached out to the team internally regarding this issue and will share an update as soon as I get a response. Thank you!
-
Testa 551 Reputation points
2022-12-06T01:04:29.067+00:00 Hi @ChaitanyaNaykodiMSFT-9638, Any feedback from your internal team?
-
Testa 551 Reputation points
2022-12-12T13:24:43.3+00:00 Hi @ChaitanyaNaykodiMSFT-9638, Any feedback from your internal team?
-
ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee
2022-12-12T21:47:54.013+00:00 @Testa ,
Apologies for the delayed response here. I got an update.
The path traversal attacks are protected by CRS 3.2 CRS rule groups and rules - Azure Web Application Firewall | Microsoft Learn.
It does not look like there are specific rules in CRS 3.2 for buffer overflow or SSI injection even though they are both part of OWASP framework. Can you please explain how you expect SSI injection and buffer overflow can occur in your specific environment?
-
ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee
2022-12-15T13:08:00.887+00:00 @Testa ,
Just following up here to see if you were able to take a look at my comment above. Thank you!
Sign in to comment